Ensure certificates are issued and emailed only once when emailing is enabled (#671)

Author: mdjnelson

classes/task/email_certificate_task.php

@@ -50,9 +50,12 @@ public function execute() {
         global $DB;
 
         $customdata = $this->get_custom_data();
+        if (empty($customdata) || empty($customdata->issueid) || empty($customdata->customcertid)) {
+            return;
+        }
 
-        $issueid = $customdata->issueid;
-        $customcertid = $customdata->customcertid;
+        $issueid = (int)$customdata->issueid;
+        $customcertid = (int)$customdata->customcertid;
         $sql = "SELECT c.*, ct.id as templateid, ct.name as templatename, ct.contextid, co.id as courseid,
                        co.fullname as coursefullname, co.shortname as courseshortname
                   FROM {customcert} c
@@ -61,6 +64,9 @@ public function execute() {
                  WHERE c.id = :id";
 
         $customcert = $DB->get_record_sql($sql, ['id' => $customcertid]);
+        if (!$customcert) {
+            return;
+        }
 
         // The renderers used for sending emails.
         $page = new \moodle_page();
@@ -93,6 +99,9 @@ public function execute() {
                  WHERE ci.customcertid = :customcertid
                    AND ci.id = :issueid";
         $user = $DB->get_record_sql($sql, ['customcertid' => $customcertid, 'issueid' => $issueid]);
+        if (!$user) {
+            return;
+        }
 
         // Create a directory to store the PDF we will be sending.
         $tempdir = make_temp_directory('certificate/attachment');

classes/task/issue_certificates_task.php

@@ -119,7 +119,7 @@ public function execute() {
             // Get the context.
             $context = \context::instance_by_id($customcert->contextid);
 
-            // Get a list of all the issues.
+            // Get a list of all the issues that are already emailed (skip these users).
             $sql = "SELECT u.id
                       FROM {customcert_issues} ci
                       JOIN {user} u
@@ -134,57 +134,59 @@ public function execute() {
             // Get the context of the Custom Certificate module.
             $cmcontext = \context_module::instance($cm->id);
 
-            // Now, get a list of users who can view and issue the certificate but have not yet.
             // Get users with the mod/customcert:receiveissue capability in the Custom Certificate module context.
             $userswithissue = get_users_by_capability($cmcontext, 'mod/customcert:receiveissue');
             // Get users with mod/customcert:view capability.
             $userswithview = get_users_by_capability($cmcontext, 'mod/customcert:view');
-            // Users with both mod/customcert:view and mod/customcert:receiveissue cabapilities.
+            // Users with both mod/customcert:view and mod/customcert:receiveissue capabilities.
             $userswithissueview = array_intersect_key($userswithissue, $userswithview);
 
-            // Filter the remaining users by determining whether they can actually see the CM or not
-            // (Note: filter_user_list only takes into account those availability condition which actually implement
-            // this function, so the second check with get_fast_modinfo must be still performed - but we can reduce the
-            // size of the users list here already).
+            // Filter remaining users by availability conditions.
             $infomodule = new \core_availability\info_module($cm);
             $filteredusers = $infomodule->filter_user_list($userswithissueview);
 
             foreach ($filteredusers as $filtereduser) {
-                // Check if the user has already been issued and emailed.
+                // Skip if the user has already been issued and emailed.
                 if (in_array($filtereduser->id, array_keys((array)$issuedusers))) {
                     continue;
                 }
 
-                // Don't want to issue to teachers.
+                // Don't want to issue to teachers/managers.
                 if (in_array($filtereduser->id, array_keys((array)$userswithmanage))) {
                     continue;
                 }
 
-                // Now check if the certificate is not visible to the current user.
-                $cm = get_fast_modinfo($customcert->courseid, $filtereduser->id)->instances['customcert'][$customcert->id];
-                if (!$cm->uservisible) {
+                // Check whether the CM is visible to this user.
+                $usercm = get_fast_modinfo($customcert->courseid, $filtereduser->id)->instances['customcert'][$customcert->id];
+                if (!$usercm->uservisible) {
                     continue;
                 }
 
-                // Check that they have passed the required time.
+                // Check required time (if any).
                 if (!empty($customcert->requiredtime)) {
                     if (\mod_customcert\certificate::get_course_time($customcert->courseid,
                             $filtereduser->id) < ($customcert->requiredtime * 60)) {
                         continue;
                     }
                 }
 
-                // Ensure the cert hasn't already been issued, e.g via the UI (view.php) - a race condition.
+                // Ensure the cert hasn't already been issued; if not, issue it now.
                 $issue = $DB->get_record('customcert_issues',
-                    ['userid' => $filtereduser->id, 'customcertid' => $customcert->id], 'id, emailed');
-
-                // Ok, issue them the certificate.
-                $issueid = empty($issue) ?
-                    \mod_customcert\certificate::issue_certificate($customcert->id, $filtereduser->id) : $issue->id;
+                    ['userid' => $filtereduser->id, 'customcertid' => $customcert->id],
+                    'id, emailed');
+
+                $issueid = null;
+                $emailed = 0;
+                if (!empty($issue)) {
+                    $issueid = (int)$issue->id;
+                    $emailed = (int)$issue->emailed;
+                } else {
+                    $issueid = \mod_customcert\certificate::issue_certificate($customcert->id, $filtereduser->id);
+                    $emailed = 0;
+                }
 
-                // Validate issueid and one last check for emailed.
-                if (!empty($issueid) && empty($issue->emailed)) {
-                    // We create a new adhoc task to send the email.
+                // If we have an issue and it has not been emailed yet, send it now.
+                if (!empty($issueid) && $emailed === 0) {
                     $task = new \mod_customcert\task\email_certificate_task();
                     $task->set_custom_data(['issueid' => $issueid, 'customcertid' => $customcert->id]);
                     $useadhoc = get_config('customcert', 'useadhoc');

tests/email_certificate_task_test.php

@@ -869,4 +869,72 @@ public function test_issue_certificates_task_creates_issue_when_none_exist(): vo
         $this->assertEquals($student->email, $emails[0]->to, 'Email recipient is incorrect.');
     }
 
+    /**
+     * The email_certificate_task should no-op (not fatal) when custom data is missing.
+     *
+     * @covers \mod_customcert\task\email_certificate_task
+     */
+    public function test_email_adhoc_task_ignores_missing_customdata(): void {
+        // No setup; call the adhoc task with no custom data.
+        $sink = $this->redirectEmails();
+
+        $task = new \mod_customcert\task\email_certificate_task();
+        // Intentionally DO NOT call set_custom_data().
+        $task->execute();
+
+        // Should not throw; should not send any email.
+        $emails = $sink->get_messages();
+        $this->assertCount(0, $emails);
+    }
+
+    /**
+     * The email_certificate_task should no-op when customcert id is invalid.
+     *
+     * @covers \mod_customcert\task\email_certificate_task
+     */
+    public function test_email_adhoc_task_invalid_customcertid(): void {
+        $sink = $this->redirectEmails();
+
+        $task = new \mod_customcert\task\email_certificate_task();
+
+        // Point to bogus ids; both should be integers but not exist.
+        $task->set_custom_data((object)['issueid' => 999999, 'customcertid' => 999998]);
+        $task->execute();
+
+        $emails = $sink->get_messages();
+        $this->assertCount(0, $emails);
+    }
+
+    /**
+     * The email_certificate_task should no-op when issue id is invalid (even if customcert exists).
+     *
+     * @covers \mod_customcert\task\email_certificate_task
+     */
+    public function test_email_adhoc_task_invalid_issueid_with_valid_customcert(): void {
+        global $DB;
+
+        // Minimal valid customcert (with one element) so the customcert lookup succeeds.
+        $course = $this->getDataGenerator()->create_course();
+        $customcert = $this->getDataGenerator()->create_module('customcert', ['course' => $course->id]);
+
+        // Make the template valid.
+        $template = new \stdClass();
+        $template->id = $customcert->templateid;
+        $template->name = 'T';
+        $template->contextid = \context_course::instance($course->id)->id;
+        $template = new \mod_customcert\template($template);
+        $pageid = $template->add_page();
+        $DB->insert_record('customcert_elements', (object)['pageid' => $pageid, 'name' => 'E']);
+
+        $sink = $this->redirectEmails();
+
+        $task = new \mod_customcert\task\email_certificate_task();
+
+        // Valid customcertid, but bogus issueid.
+        $task->set_custom_data((object)['issueid' => 123456789, 'customcertid' => $customcert->id]);
+        $task->execute();
+
+        $emails = $sink->get_messages();
+        $this->assertCount(0, $emails);
+    }
 }